GoogleCloudPlatform / gcs-oauth2-boto-plugin

Auth plugin allowing the use of OAuth 2.0 credentials for Google Cloud Storage in the Boto library.
Apache License 2.0

Service accounts do not provide `client_secret` #31

Closed kevhill closed 6 years ago

kevhill commented 7 years ago

This might just be a documentation issue, but the docs and the readme state that this is compatible with google service accounts. However, service accounts do not provide a client_secrets but instead a private key that needs to be used in an OAuth2 flow to sign a JWT token to get an access token.

As far as I can tell, this flow is not supported by this plugin. Either new functionality needs to be added, or documentation needs to be updated.

sethwoodworth commented 6 years ago

:cricket: :cricket:

houglum commented 6 years ago

@kevhill: Following the examples in https://cloud.google.com/storage/docs/xml-api/gspythonlibrary (with the exception of using a JSON key file instead of a P12 key file), I was able to authenticate and create a bucket. The handler being used by Boto was of type `gcs_oauth2_boto_plugin.oauth2_plugin.OAuth2ServiceAccountAuth`, which needs no `client_secret` attribute. Maybe I'm just not understanding what the scenario is that you're saying doesn't work... could you provide some repro steps and a code snippet that fails for whatever steps you're trying? Thanks!

Also, I sat here wondering for several minutes why @sethwoodworth was slicing apples before someone explained that those were each a cricket bat and a ball, not kitchen knives and apples.

kevhill commented 6 years ago

Sorry, this was long enough ago that I don't have access to the relevant code base, nor am I current with the docs.

However, with a cursory glance, at least the current docs do let you know how to use the oauth2 flow with boto, so I'll consider the matter closed.
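The distinction discussed in this thread, as an added example that is not part of the original issue or the plugin's code: it classifies a parsed Google credential JSON by the OAuth 2.0 flow it supports and builds the JWT header and claim set that a service account's private key signs. The function names, sample values and the choice to take the key file as a dict are assumptions made for illustration; the RS256 signature itself needs an RSA library and is applied to the returned string.

```python
import base64
import json
import time

TOKEN_URI = "https://oauth2.googleapis.com/token"
JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"

# Constructed sample inputs (placeholder values, not real credentials).
SAMPLE_SERVICE_ACCOUNT = {
    "type": "service_account",
    "private_key_id": "constructed-key-id",
    "private_key": "<PEM private key placeholder>",
    "client_email": "example-sa@example-project.iam.gserviceaccount.com",
}
SAMPLE_CLIENT_SECRETS = {
    "installed": {"client_id": "constructed-id", "client_secret": "constructed-secret"}
}

def b64url(data: bytes) -> str:
    """Base64url without padding, as JWT segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def credential_flow(cred: dict) -> str:
    """Return the OAuth 2.0 flow a parsed Google credential JSON supports."""
    if cred.get("type") == "service_account":
        missing = [k for k in ("client_email", "private_key") if not cred.get(k)]
        if missing:
            raise ValueError(f"service account key is missing {missing}")
        return "jwt-bearer"  # authenticates with a signed JWT, no client_secret
    inner = cred.get("installed") or cred.get("web") or cred
    if inner.get("client_id") and inner.get("client_secret"):
        return "client-secret"
    raise ValueError("unrecognized credential file")

def jwt_signing_input(cred: dict, scope: str, now=None) -> str:
    """Build '<header>.<claims>', the string the private key signs with RS256."""
    now = int(time.time()) if now is None else now
    header = {"alg": "RS256", "typ": "JWT", "kid": cred["private_key_id"]}
    claims = {
        "iss": cred["client_email"],
        "scope": scope,
        "aud": cred.get("token_uri", TOKEN_URI),
        "iat": now, "exp": now + 3600,  # Google caps the lifetime at one hour
    }
    return ".".join(b64url(json.dumps(p).encode()) for p in (header, claims))

def token_request(signed_jwt: str) -> dict:
    """Form fields POSTed to the token endpoint once the JWT is signed."""
    return {"grant_type": JWT_BEARER, "assertion": signed_jwt}
```

Because a service account key file contains the private key itself, it deserves the same file permissions and rotation handling as any other long-lived secret.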